From patchwork Mon Oct 30 13:21:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Shung-Hsi Yu X-Patchwork-Id: 13440571 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2682014285 for ; Mon, 30 Oct 2023 13:22:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="BF9QhSVL" Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on2056.outbound.protection.outlook.com [40.107.6.56]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8467CC6 for ; Mon, 30 Oct 2023 06:22:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BpZ7gwLi4bxFTgGlNvAsjHpOn678liztRACvYVGVxVrtfEaRB8ZEZSAyid0GpBOHGav3bs3TfO2oT098bZjq+bvL2+3XIUAnCyErcCtpWT0V+aonoDap17Ujt0bS/eBBENmVjJRz1oeaDgfuSowpTSZg9nL9pvFN+7sDk8uMQFiWaCV1C2y2Qj9zKGVMeRP3DQF8zSONxLtsrDLCXcNd87cLUOw0bcaVLzpAxWz4P8w0PkSyLvkdxC4AUXNxi2DMtohDOCqUghsaxqNQTddRAwt0iZW7gJOn8GR+h3+2bFr8l4xfWQvMqvyOLk9+omHw1JgeUKOOapbZuDdjn2ifJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cd4M63l+jloqdakBevhrS+rEqbjF2xSTmN3byz6o650=; b=TvBpLTV9+2bUK1d4CjxGOK/rFXKJ6/M5bZElKVXQKX9BI/o2+GCf33d1qE6hCvtyrwBZMaX7AGQDYDnXrtncAC6V4kT9SiBCha+o1H9VF+VCKj3zHkOar7V0GT+47zpjiWnRXHcqUmNBh+ffJ0X3OEsrEQYJAiUDfFj3Q1OIoFJgumP6qWvciLINW3YnlMGZKsrDAyhHEFI02CgkqLLO5Cd5xpFYc9PUfy+5WX3oiGRPQSedsx2cOkCc/Sj7uVeEuOvZPztfCxLgP+fy/9hnXRBpO88F3YVYbggg0YxQM3E7Ty6Sg3KRTIbifOh4PzbynWriLjYzFQDgkSzNlaeIpA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cd4M63l+jloqdakBevhrS+rEqbjF2xSTmN3byz6o650=; b=BF9QhSVLlvpc/8FysOPMQxi96b0x47WBI/Usum9Ax0nJSYrI1ZGBAiXzVrds4qCYi6zv8NYTdxjM+XhPrM051H4gLjJlO/YKVqI4T2EcWX1QlmaqYJ47zagIlHQ1M9mtR8tUzvclY2LIc03F5kDMCeAlXrRix+WBOv1cwmKVIaZ6C8YWLzBa4i4ibN/4Z8zf78PT8dMkyLVE+wD2Z7B4yZqXFgObTT3bd41PKJYYOuZmPZ5QLVorSOz1058lcpJnBA7h9Dkfbxp2AFtV/dfxpNFYd0F4hANJI1WRor08O4fmVpHccxaTN9nKorvS6xucFhfWajiJanZmtrrzpbIrpg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Received: from AS8PR04MB9510.eurprd04.prod.outlook.com (2603:10a6:20b:44a::11) by PAXPR04MB8861.eurprd04.prod.outlook.com (2603:10a6:102:20c::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.14; Mon, 30 Oct 2023 13:22:16 +0000 Received: from AS8PR04MB9510.eurprd04.prod.outlook.com ([fe80::9f3e:3b47:5ccd:c47c]) by AS8PR04MB9510.eurprd04.prod.outlook.com ([fe80::9f3e:3b47:5ccd:c47c%6]) with mapi id 15.20.6954.016; Mon, 30 Oct 2023 13:22:15 +0000 From: Shung-Hsi Yu To: bpf@vger.kernel.org Cc: Shung-Hsi Yu , Daniel Borkmann , Andrii Nakryiko , Alexei Starovoitov , =?utf-8?q?Toke_H=C3=B8iland-J=C3=B8rge?= =?utf-8?q?nsen?= , John Fastabend , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Eduard Zingerman Subject: [RFC bpf 0/2] bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END Date: Mon, 30 Oct 2023 21:21:40 +0800 Message-ID: <20231030132145.20867-1-shung-hsi.yu@suse.com> X-Mailer: git-send-email 2.42.0 X-ClientProxiedBy: FR2P281CA0096.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9b::19) To AS8PR04MB9510.eurprd04.prod.outlook.com (2603:10a6:20b:44a::11) Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR04MB9510:EE_|PAXPR04MB8861:EE_ X-MS-Office365-Filtering-Correlation-Id: 32315b31-962a-476d-76b3-08dbd94b3c1a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: hKPAFMQ0YJKcFeLvKAzwUWERv6iieBhAsDS+djSP1BZXUlSmDVceFKzCZEvelrp0Ko7JfzQkjm5CwVWJ/8IQjwXNb4Kq3zbj1RgX+Pqkhu8/yRZHGrxkj7AzYOK4AVJec2pPhdqHsxkF8uytb7tkPLyqIl3rZNsq+hH/joUmwpdGTlnU7f2wqzRjyfcIU5yhpANt+mWCzl0SAC5yacdhmmcNpLiIrZX6uhFMCdMAaPjYMsl6+iv3vtUOc23GkYMZtgqCZa0TkV2oIQNXqqJ8QTAcbH0RKGSdQSBS/s/tkQYtT8+ePTingDEDSY5ZIto7CuIzFFmVvXptQw443IpNStGliIDfORqDzQvSDwJtXL5ROuv9KsOxLUocIpGmzApGWrLIr3A5iGwKpgAeIuFzMNExuSAQ35sUYhnLqGm+RSI3aieltBP1rkTOR4RiO7SIoZZ39opNOfrBH63BP1+g+Job+t38FUpdVR4qYOZdanrdKNltULOTYj4tZKJC1hnMhcLxbXnxbH6h7AHZDHJ+UI37RKxbzuX4NgY3jjhQnxo= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR04MB9510.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(136003)(366004)(376002)(346002)(396003)(39860400002)(230922051799003)(186009)(451199024)(1800799009)(64100799003)(5660300002)(41300700001)(7416002)(2906002)(54906003)(66556008)(66946007)(66476007)(966005)(6486002)(8676002)(8936002)(4326008)(478600001)(316002)(6916009)(38100700002)(83380400001)(86362001)(36756003)(6506007)(6512007)(6666004)(1076003)(2616005)(66574015);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?DKla9VpZFDmhsuhnkPeLcb5oXMgp?= =?utf-8?q?X06Dno88FSBmYw8q56WLe+YvVfUqgVAWpxBfczZ9RNPDHsyudxTC0frRqm4a1kwC5?= =?utf-8?q?KpnmrXJ4HaYTzdtvwtOKGx4wNlVKKu4/dMTxLYxwrXXNbVdClllYrwDwqOxePGU1Y?= =?utf-8?q?4GfBpwx5Vkf8bClp62VTs3YYrcTJZEwS1d5/DGfLAM6xw5J+q1Pdq+xkeMdiqT4CE?= =?utf-8?q?gX5BXXeUmOarRRlN3wnm6L/51A5286X0/r4FgCaT2RF2h0cWvxKMS/zB9KrG/ZFgP?= =?utf-8?q?z+L8uOZo3LdJkzgwq38nzAuDKP2UsMbQTRNCWB31why0th9WbnYQyv2mrC6LUBZJt?= =?utf-8?q?mtysbQ1AZjZDBLl7ApxcaP8cTNl9vg4GViozDUNd0rZZBqJFkfJi6+FhbThOVo42F?= =?utf-8?q?Bske2FGhK1vTqAIJgU2cILM/nngMUfJcrQStPW6MlBFOWbfETWUghQOSFxM7zbjid?= =?utf-8?q?v5WCvQQw53mPX2kQT133WinJbRxJToLPzE1VhhgCACjT0MlAsmi9bZ8EqHw033BqQ?= =?utf-8?q?3xfcHvc5dTQ0udeQrnsopUMSm2PNtxiPXwP8GNdko8OEhid7KrPQYKs66EApXy/fE?= =?utf-8?q?KoJLNpwaWKsm2i5dL3R/hbuUjdCWYwGXgglbgL5aubLb0n3uwwnxyzNMcYU0TGG1a?= =?utf-8?q?lyT/luN2P49InCoVDDZL2rEZ6yfxqj+N0qdIQxP7b08pAV06J1WbFrjjUyLOW5VFb?= =?utf-8?q?eXHYAW6+HexHRnb5uLGQpEtyO5isU1moQ/lJ4Cn704jJPJEQ9j5k/32cQ3V2+p/z7?= =?utf-8?q?h7XfwmCZSHj9BSZ3P9w8/q7UJMydQMMevbEhbUD7d0KiVEmzoGY4MJuKA6Ddez6yD?= =?utf-8?q?xaxEjju9V78n4whR4Wq8Zt30t1L7qoXHtEZwr5vPQr1DCuW6329OVCRPJJI/ft82O?= =?utf-8?q?1Pp/J7ttT347EUN360L82ugsgaLlZiLoZ5dQxf+XzgWajHdgthIlTJ6YNfV4EpTa+?= =?utf-8?q?gfepU8xc9SkUKoe6p4Gv+YtdJiLKYJ8JwYFe+BLezCv1jmc0S5udhfwM8aDuafDlN?= =?utf-8?q?L3xIrPHwR6YmdCnadLPY18gfECPOfZ8Yt7AC5gHcMrN4QVz3oIClXxVUW7/X55tTS?= =?utf-8?q?C8E+L01FT1XOrQSha6FHnYnptkFvSbomW5efbPN2qTMln7HiByJWU4OmHgcXlZ1S+?= =?utf-8?q?6G/zbU0yIL5pUL/h1cBga7mHdEqp3h85nT7/w5iANKeit5hl4oL0b7v3Z66l5Elgb?= =?utf-8?q?s5v44lcxvaRqVZ19A78EwED2Ry/UvwQSdGCP1mtA/AOsMj2hoyn9kZGiGhd8+9Phv?= =?utf-8?q?jA7OqddFN25FSmoGDbfPRbilTTy0PtVJzKooK57HSnbbkU/MrjqOjCCGVwwmkfsDM?= =?utf-8?q?8Y1DsLW8EeTNRw5MWm/5zD0Q9OD2GJVHwX1ss8YARWON/zH1o7w0yS9DbWSQ0tp0n?= =?utf-8?q?e6yYub8BtEyz4AcaG5QbZJQH6Yb7ku33S0HFrjidY2lam50oO461lxo4bOfVQW4KP?= =?utf-8?q?4KyXM2XKpBWviH9cYwJyNH+0opqCVeSEasLhToEfLscDKZoviTp8DYnBDZlOwnOIz?= =?utf-8?q?7tz+a+MfpYglPTjFUhBStTzMj0QI/zkjHlsx122Mqms0k04rSK4iy5hsTG8uHV/Qi?= =?utf-8?q?osVTH6XIFrfW3Wh96032h2NEq8b6X2XyA=3D=3D?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 32315b31-962a-476d-76b3-08dbd94b3c1a X-MS-Exchange-CrossTenant-AuthSource: AS8PR04MB9510.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 13:22:15.8333 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: RMIgUAt0b4cbECGB+YmxDEgSOLYo60viU93cumoHtGzDpdNpXIEoTLRkqUWQmxN2OHJS+MVG0LISPugXSQ/HkQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR04MB8861 X-Patchwork-Delegate: bpf@iogearbox.net X-Patchwork-State: RFC Note: this is sent as a RFC because I'm quite unsure about the selftest. (Please see the notes in patch 2, just above diffstat) This patchset fixes and adds selftest for the issue reported by Mohamed Mahmoud and Toke Høiland-Jørgensen where the kernel can run into a verifier bug during backtracking of BPF_ALU | BPF_TO_BE | BPF_END instruction[0]. As seen in the verifier log below, r0 was incorrectly marked as precise even tough its value was not being used. Patch 1 fixes the issue based on Andrii's analysis, and patch 2 adds a selftest for such case using inline assembly. Please see individual patch for detail. ... mark_precise: frame2: regs=r2 stack= before 1891: (77) r2 >>= 56 mark_precise: frame2: regs=r2 stack= before 1890: (dc) r2 = be64 r2 mark_precise: frame2: regs=r0,r2 stack= before 1889: (73) *(u8 *)(r1 +47) = r3 ... mark_precise: frame2: regs=r0 stack= before 212: (85) call pc+1617 BUG regs 1 processed 5112 insns (limit 1000000) max_states_per_insn 4 total_states 92 peak_states 90 mark_read 20 0: https://lore.kernel.org/r/87jzrrwptf.fsf@toke.dk Shung-Hsi Yu (2): bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END selftests/bpf: precision tracking test for BPF_ALU | BPF_TO_BE | BPF_END kernel/bpf/verifier.c | 6 +++- .../selftests/bpf/prog_tests/verifier.c | 2 ++ .../selftests/bpf/progs/verifier_precision.c | 29 +++++++++++++++++++ 3 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/bpf/progs/verifier_precision.c base-commit: c17cda15cc86e65e9725641daddcd7a63cc9ad01